<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   <html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Docs For Class Encoder</title>
  <link rel="stylesheet" href="../media/stylesheet.css" />
  <script src="../media/lib/classTree.js"></script>
<link id="webfx-tab-style-sheet" type="text/css" rel="stylesheet" href="../media/lib/tab.webfx.css" />
<script type="text/javascript" src="../media/lib/tabpane.js"></script>
  <script language="javascript" type="text/javascript" src="../media/lib/ua.js"></script>
<script language="javascript" type="text/javascript">
	var imgPlus = new Image();
	var imgMinus = new Image();
	imgPlus.src = "../media/images/plus.gif";
	imgMinus.src = "../media/images/minus.gif";
	
	function showNode(Node){
        switch(navigator.family){
        	case 'nn4':
        		// Nav 4.x code fork...
				var oTable = document.layers["span" + Node];
				var oImg = document.layers["img" + Node];
        		break;
        	case 'ie4':
        		// IE 4/5 code fork...
				var oTable = document.all["span" + Node];
				var oImg = document.all["img" + Node];
        		break;
        	case 'gecko':
        		// Standards Compliant code fork...
				var oTable = document.getElementById("span" + Node);
				var oImg = document.getElementById("img" + Node);
        		break;
        }
		oImg.src = imgMinus.src;
		oTable.style.display = "block";
	}
	
	function hideNode(Node){
        switch(navigator.family){
        	case 'nn4':
        		// Nav 4.x code fork...
				var oTable = document.layers["span" + Node];
				var oImg = document.layers["img" + Node];
        		break;
        	case 'ie4':
        		// IE 4/5 code fork...
				var oTable = document.all["span" + Node];
				var oImg = document.all["img" + Node];
        		break;
        	case 'gecko':
        		// Standards Compliant code fork...
				var oTable = document.getElementById("span" + Node);
				var oImg = document.getElementById("img" + Node);
        		break;
        }
		oImg.src = imgPlus.src;
		oTable.style.display = "none";
	}
	
	function nodeIsVisible(Node){
        switch(navigator.family){
        	case 'nn4':
        		// Nav 4.x code fork...
				var oTable = document.layers["span" + Node];
        		break;
        	case 'ie4':
        		// IE 4/5 code fork...
				var oTable = document.all["span" + Node];
        		break;
        	case 'gecko':
        		// Standards Compliant code fork...
				var oTable = document.getElementById("span" + Node);
        		break;
        }
		return (oTable && oTable.style.display == "block");
	}
	
	function toggleNodeVisibility(Node){
		if (nodeIsVisible(Node)){
			hideNode(Node);
		}else{
			showNode(Node);
		}
	}
</script>
<!-- template designed by Julien Damon based on PHPEdit's generated templates, and tweaked by Greg Beaver -->
<body bgcolor="#ffffff" ><!-- Start of Class Data -->
<h2>
	Interface Encoder
</h2> (line <span class="linenumber">48</span>)
<div class="tab-pane" id="tabPane1">
<script type="text/javascript">
tp1 = new WebFXTabPane( document.getElementById( "tabPane1" ));
</script>

<div class="tab-page" id="Description">
<h2 class="tab">Description</h2>
<pre>
</pre>
<p>
	<b><i>Located in File: <a href="_Encoder.php.html">/Encoder.php</a></i></b><br>
</p>
<!-- ========== Info from phpDoc block ========= -->
<h5>Use this ESAPI security control to wrap your codecs.</h5>
<div class="desc"><p>The idea behind this interface is to make output safe so that it  will be safe for the intended interpreter.</p></div>
<ul>
		<li><strong>author:</strong> - Mike Boberski &lt;<a href="mailto:boberski_michael@bah.com">boberski_michael@bah.com</a>&gt;</li>
		<li><strong>author:</strong> - Linden Darling &lt;<a href="mailto:Linden.Darling@jds.net.au">Linden.Darling@jds.net.au</a>&gt;</li>
		<li><strong>author:</strong> - Andrew van der Stock &lt;<a href="mailto:vanderaj@owasp.org">vanderaj@owasp.org</a>&gt;</li>
		<li><strong>author:</strong> - jah &lt;<a href="mailto:jah@jahboite.co.uk">jah@jahboite.co.uk</a>&gt;</li>
		<li><strong>version:</strong> - Release: @package_version@</li>
		<li><strong>copyright:</strong> - 2009-2010 The OWASP Foundation</li>
		<li><strong>link:</strong> - <a href="http://www.owasp.org/index.php/ESAPI">http://www.owasp.org/index.php/ESAPI</a></li>
		<li><strong>license:</strong> - <a href="http://www.opensource.org/licenses/bsd-license.php">New BSD license</a></li>
	</ul>
<br /><hr />
</div>
<script type="text/javascript">tp1.addTabPage( document.getElementById( "Description" ) );</script>
<div class="tab-page" id="tabPage1">

<h2 class="tab">Class Variables</h2>
<!-- ============ VARIABLE DETAIL =========== -->
<strong>Summary:</strong><br />
<hr />
<script type="text/javascript">tp1.addTabPage( document.getElementById( "tabPage1" ) );</script>
</div>
<div class="tab-page" id="constantsTabpage">

<h2 class="tab">Class Constants</h2>
<!-- ============ VARIABLE DETAIL =========== -->
<strong>Summary:</strong><br />
<div class="const-title">
    <a href="#constCHAR_ALPHANUMERICS" title="details" class="property"><strong>CHAR_ALPHANUMERICS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_DIGITS" title="details" class="property"><strong>CHAR_DIGITS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_LETTERS" title="details" class="property"><strong>CHAR_LETTERS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_LOWERS" title="details" class="property"><strong>CHAR_LOWERS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_PASSWORD_DIGITS" title="details" class="property"><strong>CHAR_PASSWORD_DIGITS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_PASSWORD_LETTERS" title="details" class="property"><strong>CHAR_PASSWORD_LETTERS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_PASSWORD_LOWERS" title="details" class="property"><strong>CHAR_PASSWORD_LOWERS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_PASSWORD_SPECIALS" title="details" class="property"><strong>CHAR_PASSWORD_SPECIALS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_PASSWORD_UPPERS" title="details" class="property"><strong>CHAR_PASSWORD_UPPERS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_SPECIALS" title="details" class="property"><strong>CHAR_SPECIALS</strong></a>
</div>
<div class="const-title">
    <a href="#constCHAR_UPPERS" title="details" class="property"><strong>CHAR_UPPERS</strong></a>
</div>
<hr />
<a name="constCHAR_ALPHANUMERICS" id="constCHAR_ALPHANUMERICS"><!-- --></A>
<div style="background='#ffffff'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_ALPHANUMERICS =  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'</strong> (line <span class="linenumber">59</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<ul>
	</ul>
</div>
<a name="constCHAR_DIGITS" id="constCHAR_DIGITS"><!-- --></A>
<div style="background='#eeeeee'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_DIGITS =  '0123456789'</strong> (line <span class="linenumber">55</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<ul>
	</ul>
</div>
<a name="constCHAR_LETTERS" id="constCHAR_LETTERS"><!-- --></A>
<div style="background='#ffffff'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_LETTERS =  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'</strong> (line <span class="linenumber">57</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<ul>
	</ul>
</div>
<a name="constCHAR_LOWERS" id="constCHAR_LOWERS"><!-- --></A>
<div style="background='#eeeeee'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_LOWERS =  'abcdefghijklmnopqrstuvwxyz'</strong> (line <span class="linenumber">53</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<ul>
	</ul>
</div>
<a name="constCHAR_PASSWORD_DIGITS" id="constCHAR_PASSWORD_DIGITS"><!-- --></A>
<div style="background='#ffffff'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_PASSWORD_DIGITS =  '123456789'</strong> (line <span class="linenumber">78</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<h5>Numerical digits, for passwords, which excludes '0'.</h5>
<ul>
	</ul>
</div>
<a name="constCHAR_PASSWORD_LETTERS" id="constCHAR_PASSWORD_LETTERS"><!-- --></A>
<div style="background='#eeeeee'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_PASSWORD_LETTERS =  'abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ'</strong> (line <span class="linenumber">90</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<h5>Union of Encoder::CHAR_PASSWORD_LOWERS and Encoder::CHAR_PASSWORD_UPPERS.</h5>
<ul>
	</ul>
</div>
<a name="constCHAR_PASSWORD_LOWERS" id="constCHAR_PASSWORD_LOWERS"><!-- --></A>
<div style="background='#ffffff'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_PASSWORD_LOWERS =  'abcdefghjkmnpqrstuvwxyz'</strong> (line <span class="linenumber">68</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<h5>Lower case alphabet, for passwords, which excludes 'l', 'i' and 'o'.</h5>
<ul>
	</ul>
</div>
<a name="constCHAR_PASSWORD_SPECIALS" id="constCHAR_PASSWORD_SPECIALS"><!-- --></A>
<div style="background='#eeeeee'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_PASSWORD_SPECIALS =  '.-_!@$*=?'</strong> (line <span class="linenumber">85</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<h5>Special characters, for passwords, excluding '|' which resembles  alphanumeric characters 'i' and '1' and excluding '+' used in URL  encoding.</h5>
<ul>
	</ul>
</div>
<a name="constCHAR_PASSWORD_UPPERS" id="constCHAR_PASSWORD_UPPERS"><!-- --></A>
<div style="background='#ffffff'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_PASSWORD_UPPERS =  'ABCDEFGHJKLMNPQRSTUVWXYZ'</strong> (line <span class="linenumber">73</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<h5>Upper case alphabet, for passwords, which excludes 'I' and 'O'.</h5>
<ul>
	</ul>
</div>
<a name="constCHAR_SPECIALS" id="constCHAR_SPECIALS"><!-- --></A>
<div style="background='#eeeeee'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_SPECIALS =  '.-_!@$^*=~|+?'</strong> (line <span class="linenumber">56</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<ul>
	</ul>
</div>
<a name="constCHAR_UPPERS" id="constCHAR_UPPERS"><!-- --></A>
<div style="background='#ffffff'">
<h4>
<img src="../media/images/Constant.gif" border="0" /> <strong class="property">CHAR_UPPERS =  'ABCDEFGHIJKLMNOPQRSTUVWXYZ'</strong> (line <span class="linenumber">54</span>)
 </h4>
<!-- ========== Info from phpDoc block ========= -->
<ul>
	</ul>
</div>
<script type="text/javascript">tp1.addTabPage( document.getElementById( "constantsTabpage" ) );</script>
</div>
<div class="tab-page" id="tabPage2">
<h2 class="tab">Method Detail</h2>
<!-- ============ METHOD DETAIL =========== -->
<strong>Summary:</strong><br />
<div class="method-summary">
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodcanonicalize" title="details" class="method-name">canonicalize</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>, [<span class="var-type">bool</span>&nbsp;<span class="var-name">$strict</span> = <span class="var-default">true</span>])
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methoddecodeFromBase64" title="details" class="method-name">decodeFromBase64</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methoddecodeFromURL" title="details" class="method-name">decodeFromURL</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForBase64" title="details" class="method-name">encodeForBase64</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>, [<span class="var-type">bool</span>&nbsp;<span class="var-name">$wrap</span> = <span class="var-default">false</span>])
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForCSS" title="details" class="method-name">encodeForCSS</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForHTML" title="details" class="method-name">encodeForHTML</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForHTMLAttribute" title="details" class="method-name">encodeForHTMLAttribute</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForJavaScript" title="details" class="method-name">encodeForJavaScript</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForOS" title="details" class="method-name">encodeForOS</a>
        (<span class="var-type"><a href="../ESAPI_Codecs/Codec.html">Codec</a></span>&nbsp;<span class="var-name">$codec</span>, <span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForSQL" title="details" class="method-name">encodeForSQL</a>
        (<span class="var-type"><a href="../ESAPI_Codecs/Codec.html">Codec</a></span>&nbsp;<span class="var-name">$codec</span>, <span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForURL" title="details" class="method-name">encodeForURL</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForVBScript" title="details" class="method-name">encodeForVBScript</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForXML" title="details" class="method-name">encodeForXML</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForXMLAttribute" title="details" class="method-name">encodeForXMLAttribute</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
    <div class="method-definition">
            <span class="method-result">the</span>
        <a href="#methodencodeForXPath" title="details" class="method-name">encodeForXPath</a>
        (<span class="var-type">string</span>&nbsp;<span class="var-name">$input</span>)
        </div>
</div>
<hr />
<A NAME='method_detail'></A>


<a name="methodcanonicalize" id="methodcanonicalize"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method canonicalize</strong> (line <span class="linenumber">148</span>)
 </h4> 
<h4><i>the</i> <strong>canonicalize(
string
$input, [bool
$strict = true])</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Data canonicalization.</h5>
<div class="desc"><p>This method performs canonicalization on data received to ensure that it  has been reduced to its most basic form before validation, for example  URL-encoded data received from ordinary &quot;application/x-www-url-encoded&quot;  forms, so that it may be validated properly.</p><p>Canonicalization is simply the operation of reducing a possibly encoded  string down to its simplest form. This is important, because attackers  frequently use encoding to change their input in a way that will bypass  validation filters, but still be interpreted properly by the target of  the attack. Note that data encoded more than once is not something that a  normal user would generate and should be regarded as an attack.</p><p>For input that comes from an HTTP request, there are generally two types  of encoding to be concerned with. The first is  &quot;applicaton/x-www-url-encoded&quot; which is what is typically used in most  forms and URI's where characters are encoded in a %xy format. The other  type of common character encoding is HTML entity encoding, which uses  several formats:</p><p><pre>&amp;lt;</pre>,  <pre>&amp;#117;</pre>, and  <pre>&amp;#x3a;</pre>.</p><p>Note that all of these formats may possibly render properly in a browser  without the trailing semicolon.</p><p>Double-encoding is a particularly thorny problem, as applying ordinary  decoders may introduce encoded characters, even characters encoded with a  different encoding scheme. For example %26lt; is a &lt; character which has  been entity encoded and then the first character has been url-encoded.  Implementations should throw an IntrusionException when double-encoded  characters are detected.</p><p>Note that there is also &quot;multipart/form&quot; encoding, which allows files and  other binary data to be transmitted. Each part of a multipart form can  itself be encoded according to a &quot;Content-Transfer-Encoding&quot; header. See  the HTTPUtilties.getSafeFileUploads() method.</p><p>For more information on form encoding, please refer to the  &lt;a href=&quot;http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4&quot;&gt;  W3C specifications&lt;/a&gt;.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to canonicalize.</li>
			<li><strong>bool $strict</strong>: true if checking for multiple and/or mixed encoding is                        desired, false otherwise.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - canonicalized input string.</li>
			<li><strong>see</strong> - h-17.13.4&quot;&gt;W3C specifications&lt;/a&gt;</li>
			<li><strong>throws</strong> - IntrusionException if, in strict mode, canonicalization detects          multiple or mixed encoding.</li>
		</ul>
</div>
<a name="methoddecodeFromBase64" id="methoddecodeFromBase64"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method decodeFromBase64</strong> (line <span class="linenumber">349</span>)
 </h4> 
<h4><i>the</i> <strong>decodeFromBase64(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Decode data encoded with Base64 encoding.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to be decoded.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string decoded from Base64.</li>
		</ul>
</div>
<a name="methoddecodeFromURL" id="methoddecodeFromURL"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method decodeFromURL</strong> (line <span class="linenumber">327</span>)
 </h4> 
<h4><i>the</i> <strong>decodeFromURL(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Decode from URL. Implementations should first canonicalize and detect any  double-encoding. If this check passes, then the data is decoded using URL  decoding.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to be decoded.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string decoded from URL.</li>
		</ul>
</div>
<a name="methodencodeForBase64" id="methodencodeForBase64"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForBase64</strong> (line <span class="linenumber">339</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForBase64(
string
$input, [bool
$wrap = false])</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data with Base64 encoding.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to encode for Base64.</li>
			<li><strong>bool $wrap</strong>: boolean the encoder will wrap lines every 64 characters                       of output if true.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for Base64.</li>
		</ul>
</div>
<a name="methodencodeForCSS" id="methodencodeForCSS"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForCSS</strong> (line <span class="linenumber">160</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForCSS(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for use in Cascading Style Sheets (CSS) content.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to encode for CSS.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for CSS.</li>
			<li><strong>see</strong> - escaped-characters&quot;&gt;CSS Syntax [w3.org]&lt;/a&gt;</li>
		</ul>
</div>
<a name="methodencodeForHTML" id="methodencodeForHTML"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForHTML</strong> (line <span class="linenumber">177</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForHTML(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for use in HTML using HTML entity encoding</h5>
<div class="desc"><p>Note that the following characters: 00-08, 0B-0C, 0E-1F and 7F-9F cannot  be used in HTML.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to encode for HTML.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for HTML.</li>
			<li><strong>see</strong> - charsets&quot;&gt;XML Specification [w3.org]&lt;/a&gt;</li>
			<li><strong>see</strong> - <a href="&lt;a href=&quot;http://www.w3.org/TR/html4/sgml/sgmldecl.html&quot;&gt;SGML Specification [w3.org]&lt;/a&gt;">&lt;a href=&quot;http://www.w3.org/TR/html4/sgml/sgmldecl.html&quot;&gt;SGML Specification [w3.org]&lt;/a&gt;</a></li>
			<li><strong>see</strong> - <a href="&lt;a href=&quot;http://en.wikipedia.org/wiki/Character_encodings_in_HTML&quot;&gt;HTML Encodings [wikipedia.org]&lt;/a&gt;">&lt;a href=&quot;http://en.wikipedia.org/wiki/Character_encodings_in_HTML&quot;&gt;HTML Encodings [wikipedia.org]&lt;/a&gt;</a></li>
		</ul>
</div>
<a name="methodencodeForHTMLAttribute" id="methodencodeForHTMLAttribute"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForHTMLAttribute</strong> (line <span class="linenumber">187</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForHTMLAttribute(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for use in HTML attributes.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to encode for an HTML attribute.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use as an HTML attribute.</li>
		</ul>
</div>
<a name="methodencodeForJavaScript" id="methodencodeForJavaScript"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForJavaScript</strong> (line <span class="linenumber">200</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForJavaScript(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for insertion inside a data value in JavaScript. Putting user  data directly inside a script is quite dangerous. Great care must be  taken to prevent putting user data directly into script code itself, as  no amount of encoding will prevent attacks there.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to encode for use in JavaScript.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in JavaScript.</li>
		</ul>
</div>
<a name="methodencodeForOS" id="methodencodeForOS"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForOS</strong> (line <span class="linenumber">248</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForOS(
<a href="../ESAPI_Codecs/Codec.html">Codec</a>
$codec, string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode for an operating system command shell according to the selected  codec (appropriate codecs include the WindowsCodec and UnixCodec).</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong><a href="../ESAPI_Codecs/Codec.html">Codec</a> $codec</strong>: an instance of a Codec which will encode the input                       string for the desired operating system (e.g. Windows,                       Unix, etc.).</li>
			<li><strong>string $input</strong>: string to encode for use in a command shell.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in a command shell.</li>
		</ul>
</div>
<a name="methodencodeForSQL" id="methodencodeForSQL"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForSQL</strong> (line <span class="linenumber">234</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForSQL(
<a href="../ESAPI_Codecs/Codec.html">Codec</a>
$codec, string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode input for use in a SQL query, according to the selected codec  (appropriate codecs include the MySQLCodec and OracleCodec).</h5>
<div class="desc"><p>This method is not recommended. The use of the PreparedStatement  interface is the preferred approach. However, if for some reason this is  impossible, then this method is provided as a weaker alternative.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong><a href="../ESAPI_Codecs/Codec.html">Codec</a> $codec</strong>: an instance of a Codec which will encode the input                       string for the desired SQL database (e.g. MySQL, Oracle,                       etc.).</li>
			<li><strong>string $input</strong>: string to encode for use in a SQL query.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in a SQL query.</li>
		</ul>
</div>
<a name="methodencodeForURL" id="methodencodeForURL"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForURL</strong> (line <span class="linenumber">315</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForURL(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode for use in a URL. This method performs &lt;a  href=&quot;http://en.wikipedia.org/wiki/Percent-encoding&quot;&gt;URL encoding&lt;/a&gt;  on the entire string.</h5>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to be encoded for use in a URL.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in a URL.</li>
		</ul>
</div>
<a name="methodencodeForVBScript" id="methodencodeForVBScript"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForVBScript</strong> (line <span class="linenumber">216</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForVBScript(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for insertion inside a data value in a Visual Basic script.</h5>
<div class="desc"><p>Putting user data directly inside a script is quite dangerous. Great care  must be taken to prevent putting user data directly into script code  itself, as no amount of encoding will prevent attacks there.</p><p>This method is not recommended as VBScript is only supported by Internet  Explorer.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to encode for use in VBScript.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in VBScript.</li>
		</ul>
</div>
<a name="methodencodeForXML" id="methodencodeForXML"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForXML</strong> (line <span class="linenumber">286</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForXML(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for use in an XML element. The implementation should follow  the &lt;a href=&quot;http://www.w3schools.com/xml/xml_encoding.asp&quot;&gt;XML Encoding  Standard&lt;/a&gt; from the W3C.</h5>
<div class="desc"><p>The use of a real XML parser is strongly encouraged. However, in the  hopefully rare case that you need to make sure that data is safe for  inclusion in an XML document and cannot use a parse, this method provides  a safe mechanism to do so.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to be encoded for use in an XML element.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in an XML element.</li>
		</ul>
</div>
<a name="methodencodeForXMLAttribute" id="methodencodeForXMLAttribute"><!-- --></a>
<div style="background='#ffffff'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForXMLAttribute</strong> (line <span class="linenumber">303</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForXMLAttribute(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for use in an XML attribute. The implementation should follow  the &lt;a href=&quot;http://www.w3schools.com/xml/xml_encoding.asp&quot;&gt;XML Encoding  Standard&lt;/a&gt; from the W3C.</h5>
<div class="desc"><p>The use of a real XML parser is highly encouraged. However, in the  hopefully rare case that you need to make sure that data is safe for  inclusion in an XML document and cannot use a parse, this method provides  a safe mechanism to do so.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to be encoded for use as an XML attribute.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in an XML attribute.</li>
		</ul>
</div>
<a name="methodencodeForXPath" id="methodencodeForXPath"><!-- --></a>
<div style="background='#eeeeee'"><h4>
<img src="../media/images/PublicMethod.gif" border="0" /> <strong class="method">Method encodeForXPath</strong> (line <span class="linenumber">269</span>)
 </h4> 
<h4><i>the</i> <strong>encodeForXPath(
string
$input)</strong></h4>

	<!-- ========== Info from phpDoc block ========= -->
<h5>Encode data for use in an XPath query.</h5>
<div class="desc"><p>The difficulty with XPath encoding is that XPath has no built in  mechanism for escaping characters. It is possible to use XQuery in a  parameterized way to prevent injection.</p><p>For more information, refer to &lt;a  href=&quot;http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html&quot;&gt;  this article&lt;/a&gt; which specifies the following list of characters as the  most dangerous: ^&amp;&quot;*';&lt;&gt;(). &lt;a href=  &quot;http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf&quot;&gt;  This paper&lt;/a&gt; suggests disallowing ' and &quot; in queries.</p></div>
		<h4>Parameters</h4>
	<ul>
			<li><strong>string $input</strong>: string to be encoded for use in an XPath query.</li>
		</ul>
		
	<h4>Info</h4>
	<ul>
			<li><strong>return</strong> - input string encoded for use in an XPath query.</li>
		</ul>
</div>
<script type="text/javascript">tp1.addTabPage( document.getElementById( "tabPage2" ) );</script></div>
<div class="tab-page" id="iVars">
<h2 class="tab">Inherited Variables</h2>
<script type="text/javascript">tp1.addTabPage( document.getElementById( "iVars" ) );</script>
<!-- =========== VAR INHERITED SUMMARY =========== -->
<A NAME='var_inherited_summary'><!-- --></A>
<h3>Inherited Class Variable Summary</h3>

	</div>
<div class="tab-page" id="iMethods">
<h2 class="tab">Inherited Methods</h2>
<script type="text/javascript">tp1.addTabPage( document.getElementById( "iMethods" ) );</script>
<!-- =========== INHERITED METHOD SUMMARY =========== -->
<A NAME='functions_inherited'><!-- --></A>
<h3>Inherited Method Summary</h3>

	</div>
</div>
<script type="text/javascript">
//<![CDATA[

setupAllTabs();

//]]>
</script>
	<div id="credit">
		<hr />
		Documentation generated on Fri, 21 May 2010 14:53:35 -0400 by <a href="http://www.phpdoc.org" target="_blank">phpDocumentor 1.4.3</a>
	</div>
</body>
</html>